SAP S/4HANA OS File Deletion via Missing Auth Check
CVE-2026-27673 Published on April 14, 2026
Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)
Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operations which could leads to no impact on Confidentiality, Low impact on Integrity and Availability of the application.
Vulnerability Analysis
CVE-2026-27673 can be exploited with network access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity and availability.
Weakness Type
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-27673 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2026-27673
Want to know whenever a new CVE is published for SAP S4hana? stack.watch will email you.
Affected Versions
SAP_SE SAP S/4HANA (Private Cloud and On-Premise):- Version S4CORE 105 is affected.
- Version 106 is affected.
- Version 107 is affected.
- Version 108 is affected.
- Version 109 is affected.
- Version FI-CA 606 is affected.
- Version 616 is affected.
- Version 617 is affected.
- Version 618 is affected.